ComboFix 16-09-28.01 - Olivier 11/10/2016 20:15:17.1.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.8130.6635 [GMT 2:00]
Lancé depuis: c:\users\Olivier\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Olivier\Desktop\cacaoweb.exe
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-09-11 au 2016-10-11 ))))))))))))))))))))))))))))))))))))
.
.
2016-10-11 18:18 . 2016-10-11 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-11 17:51 . 2016-10-11 17:51 -------- d-s---w- c:\windows\SysWow64\Microsoft
2016-10-11 15:15 . 2016-10-11 17:54 -------- d-----w- c:\users\Olivier\AppData\Roaming\ZHP
2016-10-10 18:03 . 2016-10-10 18:03 -------- d-----w- c:\users\Olivier\.swt
2016-10-09 12:27 . 2016-10-09 12:27 -------- d-----w- c:\programdata\ATI
2016-10-05 16:13 . 2016-10-11 16:34 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-05 16:10 . 2016-10-05 16:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-05 16:10 . 2016-10-05 16:10 -------- d-----w- c:\programdata\Malwarebytes
2016-10-05 16:10 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-05 16:10 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-05 16:10 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-24 06:22 . 2016-09-24 06:25 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2016-09-24 05:44 . 2016-09-24 05:44 -------- d-----w- c:\users\Olivier\AppData\Roaming\driveridentifier
2016-09-24 05:33 . 2016-09-24 05:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-09-12 16:57 . 2016-09-12 16:57 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-14 15:01 . 2015-07-14 09:04 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-09-14 15:01 . 2015-07-14 09:04 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-04 14:13 . 2016-01-30 10:36 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-12 13:24 . 2016-08-12 13:24 0 ---ha-w- c:\users\Olivier\AppData\Local\BIT3D20.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2015-03-12 39376]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-08-31 1402792]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-07-14 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-06-22 767176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-08-31 1402792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-17 09:18 1267528 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14 15:01]
.
2016-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09 15:55]
.
2016-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09 15:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-05-14 7575768]
"StartCN"="c:\program files\AMD\CNext\CNext\cnext.exe" [2015-11-18 4859592]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\hkj5lo98.default-1438604180655\
FF - prefs.js: browser.search.selectedEngine - Search Provided by Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-RGSC - d:\gta 4\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-Chromium - c:\users\olivier\appdata\local\chromium\application\chrome.exe
Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
AddRemove-Wincy - c:\users\Olivier\AppData\Local\{66FF50A3-4257-3C1B-2FCF-19F30BA7E56B}\uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2133442128-3238789513-627258062-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b2,f2,11,f1,31,82,bf,82,39,f9,f3,fc,cf,e1,54,ee,2f,08,4c,a7,79,21,d1,
 c2,e2,c3,e8,7b,4d,7d,6f,9e,92,a4,37,15,f2,7e,17,ef,83,34,df,95,d1,aa,2e,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2133442128-3238789513-627258062-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,1d,8d,1f,88,41,4c,cc,3d,09,72,93,3d,92,bc,d4,15,d7,a2,34,a3,
 cd,d6,27,4a,16,17,ad,94,f2,52,8d,7c,e7,c3,a6,10,26,0f,c9,f4,f7,dd,68,da,6e,\
"rkeysecu"=hex:0d,23,fe,48,4b,4e,0e,a4,cd,41,06,88,02,42,66,7f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-10-11 20:19:20
ComboFix-quarantined-files.txt 2016-10-11 18:19
.
Avant-CF: 56 093 810 688 octets libres
Après-CF: 55 706 480 640 octets libres
.
- - End Of File - - 4BE1719DF71E8B14EFECAADBBB894C50 A36C5E4F47E84449FF07ED3517B43A31